Combining Agentless and Agent-Based Cloud Security in CNAPPs

Cloud security has changed. Whereas companies used to rely on individual point solutions to secure individual parts of their cloud environments, today's cloud landscape looks a little different.

Complex multicloud environments have become more commonplace and, as a result, attack surfaces have expanded. Initially, many security teams turned to vendor consolidation and native tool unification as a way to streamline workflows and consolidate the influx of security signals from disparate solutions. However, as cyberattacks grew more sophisticated and more frequent, cyber defenders were quickly overwhelmed by the constant influx of security alerts.

As a result, we've begun to see a push for contextualized security in which cybersecurity professionals are empowered with visibility into critical attack paths, risk-based prioritization, automated alerts that can flag potential cloud misconfigurations, and more. The key to achieving this state of contextualized security is to embrace a unified cloud-native application protection platform (CNAPP) that leverages a combination of agentless and agent-based protections.

Why Agentless and Agent-Based Protections Are Better Together

Agentless versus agent-based security is an age-old debate in cybersecurity. Some companies prefer the in-depth visibility, real-time threat protection, and comprehensive monitoring of individual workloads offered by agent-based protections. This model can also be combined with security information and event management (SIEM) software to enable security teams to synthesize and correlate data when investigating complex, cross-platform security incidents. However, other companies require the agility and flexibility of agentless protections.

In particular, we've seen more emerging cloud security technologies adopt an agentless approach because of the advantages it offers in large-scale, complex environments. Agentless security uses noninvasive methods, like cloud image analysis, log file analysis, and API connections, to collect security data. This reduces the need for hands-on management or ongoing maintenance and can be a more efficient use of resources. Agentless protections are also particularly effective for organizations that deploy hardened resources and cannot install a cloud security agent.

Rather than choosing between agent-based and agentless, we would argue that the better approach is to adopt a combination of both. By deploying a CNAPP that uses agent-based and agentless protections, organizations get the best of both worlds. The CNAPP is more robust and versatile, adapting to the specific needs of an organization's cloud environment by optimizing its use of agent-based or agentless security as needed. This gives organizations the deep visibility and protection of agent-based security but in a way that makes sense for dynamic multicloud environments.

Consider the example of a financial service organization. Banks often deal with sensitive data, such as Social Security and credit card numbers, that can't be exposed to the Internet. In these cases, agentless security can be applied to safeguard sensitive data while also helping security teams understand the context and connected risks. At the same time, the organization can also leverage agent-based security to better detect and respond to ongoing and future attacks with real-time alerts about brute force attacks or data filtrations, such as a malware campaign. An organization's DevOps security team can further shift security left and integrate malware-scanning solutions into the DevOps stages to achieve code-to-cloud security.

The Power of Contextualized Cloud Security

In addition to flexible cloud protections, organizations also need contextualized security. Security administrators are tasked with keeping multicloud environments safe and maintaining a healthy cloud security posture. However, they're being overwhelmed with a never-ending list of posture improvement recommendations that make it difficult to know where to start and what they should address first. Contextual cloud security posture management (CSPM) helps guide security administrators by prioritizing the most important risks to remediate first based on their potential impact to the business.

One way to prioritize security recommendations is by looking at potential paths that attackers could use to breach your environment and compromise high-impact assets. A contextualized CSPM would identify this attack path; rank it based on potential risk factors, such as Internet exposure, permissions required, and lateral movement; and suggest remediations that could break the path and prevent a successful breach.
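The identify, rank, and remediate steps described above can be sketched as a small graph analysis. This is an added example, not code from the article or from any CNAPP product; the resource names, the reachability edges, and the scoring weights are all constructed assumptions.

```python
from collections import Counter

# Constructed sample inventory (not from the article).
EXPOSED = {"web-vm", "api-gw"}   # Internet-facing entry points
HIGH_IMPACT = {"cards-db"}       # assets whose compromise matters most
# Constructed reachability edges: (source, target, needs_privilege).
EDGES = [
    ("web-vm", "app-vm", False),
    ("api-gw", "app-vm", False),
    ("app-vm", "cards-db", False),
    ("web-vm", "batch-vm", True),
    ("batch-vm", "cards-db", True),
    ("api-gw", "logs-bucket", False),
]

def attack_paths(edges, exposed, high_impact):
    """Enumerate simple paths from exposed resources to high-impact assets."""
    graph = {}
    for src, dst, priv in edges:
        graph.setdefault(src, []).append((dst, priv))
    paths = []

    def walk(node, visited, steps):
        if node in high_impact and steps:
            paths.append(list(steps))
            return
        for dst, priv in graph.get(node, []):
            if dst not in visited:  # skip cycles
                walk(dst, visited | {dst}, steps + [(node, dst, priv)])

    for entry in sorted(exposed):
        walk(entry, {entry}, [])
    return paths

def risk_score(path):
    """Illustrative weights (assumption): fewer lateral hops and fewer
    steps needing elevated permissions make a path easier, so riskier."""
    privileged = sum(1 for _, _, priv in path if priv)
    return 10 - len(path) - 3 * privileged

def rank_paths(paths):
    """Highest-risk paths first."""
    return sorted(paths, key=risk_score, reverse=True)

def best_cut(paths):
    """Edge shared by the most paths: remediating it breaks the most paths."""
    counts = Counter((s, d) for p in paths for s, d, _ in p)
    return counts.most_common(1)[0]
```

On this sample, the unprivileged two-hop routes through `app-vm` rank first, and the `app-vm` to `cards-db` connection is the single remediation that breaks the most paths.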

By embracing a unified CNAPP that incorporates contextualized CSPM features, organizations not only can better prioritize security recommendations, but they can also proactively embed best practices across the enterprise. In addition to CSPM, CNAPPs also combine capabilities across DevOps security management, cloud workload protection, cloud infrastructure entitlement management, and network security. This enables SOC analysts, security administrators, and developers to use the CNAPP for easier collaboration.

Developers and administrators can work together to proactively embed security into application code, while SOC analysts gain the breadth and depth of information they need to anticipate potential security risks and respond to threats in real time. The result is end-to-end security that helps companies operate more securely in evolving, fast-paced cloud environments.


Author: Microsoft Security, Microsoft
Date: 2023-11-15 08:30:00
